Sometime earlier today I was alerted by a colleague that one of the servers I'm responsible for began sending a large amount of e-mails.
I logged into the server to find that the load had risen to a rather unacceptable level, so I looked to see what the source of it was. It turns out that the exim mail queue was quickly growing, and that exim was attempting to deliver all those messages at once. The number of messages in the queue when I logged in was somewhere around 60,000, but by the time I realized what was really happening and stopped all the mail services, the queue grew to 144,000 messages in size.
So off to the exim logs I went, and I found out exactly which account on the server was responsible for the resource abuse. Further investigation showed that they were sending out phishing messages though.
After I made my way to the user's now-disabled account, I found that they were using a version of Joomla dated 2006-12-18.
While I was at it, I decided to see how many of the primary accounts on the server were running old, outdated versions of Joomla or Mambo. Turns out, it was a large enough number that I am now in the process of building reports and notification systems to make sure the account holders keep their applications updated.
So why am I going to all this work just for "some stupid Joomla sites", you wonder. Joomla is actually pretty popular, and this blog entry alone will probably increase my Google page rank for searches involving the name of the product, just for the few times I've used it in this entry.
But now that I have the attention of anyone who would care, I want to make sure that each and every one knows that these old versions of Joomla and Mambo (especially Mambo) are very insecure.
The vendors update their applications for reasons greater than just adding new features. They fix holes in the code that allow a malicious user to tarnish the reputation of a server, such as what I am still cleaning up.
Do the world a favor and update your applications. I'm tired of cleaning up after you.